[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18925 [User Experience/Website]: Add instructions for removing the code signing parts of OS X bundles

Subject: Re: [tor-bugs] #18925 [User Experience/Website]: Add instructions for removing the code signing parts of OS X bundles
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 31 May 2016 12:12:25 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 31 May 2016 08:12:37 -0400
In-reply-to: <042.f463170d5318248a2af6fdef52d58d7a@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.f463170d5318248a2af6fdef52d58d7a@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#18925: Add instructions for removing the code signing parts of OS X bundles
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  enhancement              |         Status:  new
 Priority:  Medium                   |      Milestone:
Component:  User Experience/Website  |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  TorBrowserTeam201605     |  Actual Points:
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------

Comment (by gk):

 I've thought about this a bit and here are the requirements I came up
 with:

 1) We should build .dmg files as we are doing now for our QA. One idea was
 to create .dmg files only after signing the packages to make the whole
 process less burdensome. But that would leave us without testing the step
 where users get Tor Browser out of the .dmg container on their computer.

 2) We have scripts for checking the Authenticode signatures and the MAR
 files signatures to make sure we did not miss a file while signing and
 stripping the signatures is reproducible. We should have a script for
 checking signed .dmg files as well.

 3) We should provide instructions for removing code signing parts *on* OS
 X systems as well.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18925#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #18884 [Applications/Tor Browser]: Rip Firefox Hello Beta / Loop extension in ESR45 based Tor Browser
Next by Author: Re: [tor-bugs] #18845 [Applications/Tor Browser]: Make zip and tar helpers generate reproducible archives without relying on libfaketime
Previous by thread: Re: [tor-bugs] #13313 [Applications/Tor Browser]: Enable bundled fonts in Tor Browser
Next by thread: [tor-bugs] #19210 [Applications/Tor Browser]: NoScript places WebM videos too late behind click-to-play in higher security levels
Index(es):
- Author
- Thread